Under normal circumstances, users will have to create a Yammer session before using the JS SDK in scenarios like apps integrated on intranet pages. If you’re able to implement both server and client side scripting and pull the current user’s email address, you can use this guide to preauthorize a Yammer session so apps utilizing the JS SDK will be as seamless as possible.
Prerequisites and Assumptions
- You have an app utilizing the Yammer JS SDK with users manually authenticating as per our documentation at https://developer.yammer.com/docs/js-sdk
- You can utilize both client and server side scripting. The language and method of implementing the server-side scripting component is entirely dependent on your specific environment and configuration.
- You can obtain the current user’s email address from the server’s side
- Obtain a Verified Admin token for your application in one of the following 2 ways
- Create the app with a Verified Admin account and then in the app’s Basic Info page, click “Generate a developer token for this application.” Note that you’ll need to use this app’s info in the JS SDK and any subsequent calls.
- Use the process outlined at https://developer.yammer.com/docs/test-token with a Verified Admin account to get an OAuth token for that VA account. Note that you must use the app info used to generate this token in all future steps.
- Obtain the current user’s email address in the server-side script.
- Using the VA token obtained in step 1 to authenticate, pass the user’s email address to our Get User by Email Address endpoint documented at https://developer.yammer.com/docs/usersby_emailjsonemailuserdomaincom, and then process the response
- If the call to the API endpoint returns a 200 OK response, first check the “state” field to make sure the user is “active” and if so, store the “id” field that’s returned and go to step 4
- If the call returns a 404 or a state other than “active,” direct the user to finish creating and activating their account however you like.
- Once you have the user’s ID, you can pass it to our Impersonation endpoint to obtain a pre-authorized OAuth token for that user. This endpoint is documented at https://developer.yammer.com/docs/impersonation and must use the VA token obtained in step 1 to authorize the call, and the consumer_key of your JS SDK app.
- You now have an OAuth token for the current user. When generating the code being passed to the browser, have the client side JS SDK code first call yam.platform.getLoginStatus and if there’s no active session and you have a token from step 4, pass that token to yam.platform.setAuthToken($tokenFromStep4, optional_callback_function_if_desired(response)). If you don’t have a valid token, direct the user to finish setting up their Yammer account.
- Continue making JS SDK calls as you normally would, without needing the user to authenticate.
Note: This code should live on the page where you’re hosting the Yammer JS SDK app. This code should be rewritten in your server side scripting language and curl library’s format. This code should go right before your JS SDK Code.
About the author
Alex Blaine is a Support Escalation Engineer on the Yammer Support Escalation team.